Cybersecurity attacks have become an inevitable business risk for companies, large and small. Companies must now develop, and continually update, plans to protect personal data, design an incident response plan should it be attacked, and address the scope of litigation risks and regulatory obligations upon an incident.
As part of our ongoing cybersecurity efforts to ensure safe and reliable service to our clients, we recently became ISO 27001 certified. The work undertaken to achieve and retain this certification gives us unique insight into clients’ challenges in minimizing exposure and maintaining compliance in this increasingly complex and threatening area.
Clients work with us for our practical approach to addressing cybersecurity:
Strategic Risk Management
- Cybersecurity preparedness including implementing data protection plans meant to reduce reputational, business continuity and regulatory risk
- Guidance for boards of directors and senior management on data protection obligations
- Development of data breach policies, playbooks and scenario plans
- M&A due diligence involving data protection, privacy and security
- Review of data protection insurance coverage
- Health information privacy, including security policies and governance
Thorough and Organized Incident Response
- Executing efficient response plans, either as managers or supporting team members
- Data breach investigation, including addressing employee misconduct
- Liaison with regulatory, law enforcement authorities and Privacy Commissioners
- Seamless coordination with public/government relations service providers
Vigorous Advocacy and Defence
- Defending against litigation or class action proceedings relating to data breach or privacy incidents
- Defending against regulatory proceedings and negotiating with regulatory agencies